Welsh electoral roll data inquiry continues

Details on the electoral roll may have been mistakenly passed to third parties

A data security expert says electoral roll breaches at three Welsh councils could be even more widespread.

The Information Commissioner's Office (ICO) is continuing to investigate how voter details may have been mistakenly passed to third parties.

A computer software error is being blamed for the issue at Rhondda Cynon Taf, Torfaen and Caerphilly councils.

But expert Prof Alan Woodward said the issue raised fresh concerns about the control of personal data.

The University of Surrey expert told BBC Radio Wales that the data errors could be an issue for other local authorities across the UK.

"What we also don't know is the software that was being used - which other councils are using it," he said.

"They might also be making the same mistake, so it could be quite widespread."

Opting out

The electoral roll error relates to the two different versions of the roll - known as the full and edited electoral rolls.

The edited roll can be sold to third parties, who might use it for marketing purposes.

But, crucially, members of the public can opt-out of this list, and insist that their details are left out of the edited electoral roll.

However, in the case of the three Welsh councils now under investigation, the computer error meant the opt-out requests were missed.

It meant the full electoral rolls were passed to credit check agencies, without the vital information about which names and addresses could not be sold on to third parties for marketing purposes.

Letters have been sent out to residents across Rhondda Cynon Taf

An ICO spokesperson said: "The full version of the electoral register should only be used for elections, preventing and detecting crime and checking applications for credit.

"Any suggestion that it has been made available for other purposes raises clear data protection concerns.

"We will making enquiries into the potential data breach.

"This will include considering whether the problem has implications for other councils."

Officials at Rhondda Cynon Taf have written to residents confirming the error - and saying it has taken steps to rectify the issue.

It also reported itself to the ICO.

'Isolated issue'

"The council apologises for this error, but believe it has taken action swiftly to deal with it as soon as it came to light," stated the letter.

Caerphilly council said 23 people had been affected.

Credit reference agencies which received the data were immediately notified and an updated register provided.

Torfaen council said four residents had been affected.

A spokesman for Torfaen said: "As soon as we were made aware of the problem the data was amended. We are writing to the people affected to inform them about the issue."

A spokeswoman for Experian credit agency confirmed that it was aware of "an isolated issue affecting a limited number of electoral roll records".

It said between 10 and 100 people could be impacted in each of those councils affected - which could mean they might end up receiving "some marketing information they might have preferred not to receive".